On February 9, 2026, the Federal Energy Regulatory Commission published a notice in the Federal Register announcing modifications to several of its systems of records under the Privacy Act of 1974. This update introduces a new routine use that permits sharing records with the Department of the Treasury to help identify, prevent, or recover improper payments through the Do Not Pay Working System. The changes stem from Executive Order 14249, signed by President Trump on March 25, 2025, which aims to protect federal funds from fraud, waste, and abuse. This development reflects ongoing efforts to enhance fiscal accountability across federal agencies while navigating privacy protections. It impacts a range of FERC records, from employee personnel files to investigative data, and invites public comments for 30 days following publication.
Background and Legal Framework
The Privacy Act of 1974 governs how federal agencies handle personal information, requiring them to publish systems of records notices, or SORNs, that detail the collection, use, and disclosure of such data. A routine use is a provision allowing disclosure for purposes compatible with the original collection. In this case, FERC is amending multiple SORNs to add a routine use aligned with broader federal initiatives on payment integrity.
Executive Order 14249, issued by President Trump, directs agencies to review and update their SORNs to facilitate data sharing with Treasury for fraud prevention. The order builds on prior efforts like the Improper Payments Elimination and Recovery Act of 2010, which established mechanisms to reduce erroneous federal disbursements. OMB Memo M-25-32 provides implementation guidance, emphasizing the Do Not Pay system—a Treasury-operated database that cross-checks payment eligibility against sources like death records and excluded parties lists.
FERC, as an independent agency within the Department of Energy, regulates interstate transmission of electricity, natural gas, and oil. Its SORNs cover internal operations, including personnel management and enforcement activities. The modifications ensure these systems support the executive order's goals without altering their core purposes.
Key Systems Affected and Modifications
The notice lists 22 specific SORNs being updated, spanning categories like employee benefits, financial records, and security investigations. For instance, FERC-57 covers Federal Personnel and Payroll Records, which include data on salaries and benefits. FERC-59 pertains to Enforcement Investigation Records, involving details from regulatory probes. Each SORN retains its original elements—such as system location, manager, authority, and retention policies—while incorporating the new routine use.
The added routine use states: 'To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant for, or recipient of, Federal funds, including funds disbursed by a state.' This applies universally unless a specific SORN states otherwise. FERC notes that the use is compatible with the collection purposes, as it supplements existing disclosures without replacement.
No changes are made to security classifications, all marked as unclassified, or to safeguards like storage policies, which vary by system but generally include secure electronic and physical measures.
Key Players and Implementation Process
FERC's Chief Information Officer and Senior Agency Official for Privacy, Mittal Desai, is the primary contact for inquiries. The notice was signed by Secretary Debbie-Anne A. Reese on February 4, 2026. Broader involvement includes the Department of the Treasury, which operates the Do Not Pay system, and the Office of Management and Budget, which issued the supporting memo.
The process follows Privacy Act requirements: publication in the Federal Register with a 30-day comment period. Comments can be submitted to FERC's Washington, DC address or via email, referencing the executive order. If no significant comments are received, the changes take effect 30 days post-publication. This mirrors procedures in prior SORN updates, such as those cited in the notice's history, like 89 FR 87363 for FERC-21 Training Records.
Implications and Perspectives
Short-term implications include improved federal payment oversight, potentially reducing billions in annual improper payments reported by the Government Accountability Office. For FERC, this means enhanced scrutiny of disbursements in areas like employee compensation or regulatory awards, aligning with fiscal responsibility mandates.
Long-term, the modifications could set a precedent for interagency data sharing, influencing how privacy and security intersect with anti-fraud efforts. Proponents, including Treasury officials, argue it strengthens public trust in government spending, as echoed in Executive Order 14249's directive to protect 'America's Bank Account.' Critics, such as privacy advocates from groups like the Electronic Privacy Information Center, may highlight risks of expanded data access eroding individual protections under the Privacy Act.
Different perspectives emerge without clear consensus. Government efficiency experts view it as a necessary evolution of tools like Do Not Pay, established under the 2010 Act. Privacy-focused organizations emphasize the need for robust safeguards to prevent misuse, pointing to past data breaches in federal systems. Legal scholars note compatibility with precedents like the Supreme Court's ruling in Department of Agriculture v. Moreno (1973), which addressed welfare fraud prevention, though not directly analogous.
Forward-Looking Conclusion
This FERC notice underscores a federal push toward integrated fraud prevention while upholding Privacy Act standards. Key takeaways include the addition of a targeted routine use across diverse SORNs, driven by Executive Order 14249 from President Trump. Potential next steps involve reviewing public comments and possible further adjustments if issues arise. Ongoing debates may center on balancing anti-fraud measures with privacy rights, especially as technology advances data-sharing capabilities. Future challenges could include adapting to evolving threats like cyber fraud or integrating with state-administered programs, ensuring compliance without compromising individual data security.
